Bump the github-actions group with 6 updates by dependabot[bot] · Pull Request #10365 · WordPress/wordpress-develop (original) (raw)
Bumps the github-actions group with 6 updates:
| Package | From | To |
|---|---|---|
| actions/github-script | 7.0.1 | 8.0.0 |
| actions/checkout | 4.2.2 | 5.0.0 |
| shivammathur/setup-php | 2.35.3 | 2.35.5 |
| actions/setup-node | 4.3.0 | 6.0.0 |
| actions/cache | 4.2.4 | 4.3.0 |
| codecov/codecov-action | 5.4.3 | 5.5.1 |
Updates actions/github-script from 7.0.1 to 8.0.0
Release notes
Sourced from actions/github-script's releases.
v8.0.0
What's Changed
- Update Node.js version support to 24.x by @salmanmkc in actions/github-script#637
- README for updating actions/github-script from v7 to v8 by @sneha-krip in actions/github-script#653
⚠️ Minimum Compatible Runner Version
v2.327.1
Release NotesMake sure your runner is updated to this version or newer to use this release.
New Contributors
- @salmanmkc made their first contribution in actions/github-script#637
- @sneha-krip made their first contribution in actions/github-script#653
Full Changelog: actions/github-script@v7.1.0...v8.0.0
v7.1.0
What's Changed
- Upgrade husky to v9 by @benelan in actions/github-script#482
- Add workflow file for publishing releases to immutable action package by @Jcambass in actions/github-script#485
- Upgrade IA Publish by @Jcambass in actions/github-script#486
- Fix workflow status badges by @joshmgross in actions/github-script#497
- Update usage of
actions/upload-artifactby @joshmgross in actions/github-script#512- Clear up package name confusion by @joshmgross in actions/github-script#514
- Update dependencies with
npm audit fixby @joshmgross in actions/github-script#515- Specify that the used script is JavaScript by @timotk in actions/github-script#478
- chore: Add Dependabot for NPM and Actions by @nschonni in actions/github-script#472
- Define
permissionsin workflows and update actions by @joshmgross in actions/github-script#531- chore: Add Dependabot for .github/actions/install-dependencies by @nschonni in actions/github-script#532
- chore: Remove .vscode settings by @nschonni in actions/github-script#533
- ci: Use github/setup-licensed by @nschonni in actions/github-script#473
- make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @iamstarkov in actions/github-script#508
- Remove
octokitREADME updates for v7 by @joshmgross in actions/github-script#557- docs: add "exec" usage examples by @neilime in actions/github-script#546
- Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @dependabot[bot] in actions/github-script#563
- Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @dependabot[bot] in actions/github-script#575
- Clearly document passing inputs to the
scriptby @joshmgross in actions/github-script#603- Update README.md by @nebuk89 in actions/github-script#610
New Contributors
- @benelan made their first contribution in actions/github-script#482
- @Jcambass made their first contribution in actions/github-script#485
- @timotk made their first contribution in actions/github-script#478
- @iamstarkov made their first contribution in actions/github-script#508
- @neilime made their first contribution in actions/github-script#546
- @nebuk89 made their first contribution in actions/github-script#610
Full Changelog: actions/github-script@v7...v7.1.0
Commits
- ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
- 2dc352e Bold minimum Actions Runner version in README
- 01e118c Update README for Node 24 runtime requirements
- 8b222ac Apply suggestion from @salmanmkc
- adc0eea README for updating actions/github-script from v7 to v8
- 20fe497 Merge pull request #637 from actions/node24
- e7b7f22 update licenses
- 2c81ba0 Update Node.js version support to 24.x
- f28e40c Merge pull request #610 from actions/nebuk89-patch-1
- 1ae9958 Update README.md
- Additional commits viewable in compare view
Updates actions/checkout from 4.2.2 to 5.0.0
Release notes
Sourced from actions/checkout's releases.
v5.0.0
What's Changed
- Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226
- Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238
⚠️ Minimum Compatible Runner Version
v2.327.1
Release NotesMake sure your runner is updated to this version or newer to use this release.
Full Changelog: actions/checkout@v4...v5.0.0
v4.3.0
What's Changed
- docs: update README.md by @motss in actions/checkout#1971
- Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977
- Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043
- Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044
- Update README.md by @nebuk89 in actions/checkout#2194
- Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224
- Update package dependencies by @salmanmkc in actions/checkout#2236
- Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237
New Contributors
- @motss made their first contribution in actions/checkout#1971
- @mouismail made their first contribution in actions/checkout#1977
- @benwells made their first contribution in actions/checkout#2043
- @nebuk89 made their first contribution in actions/checkout#2194
- @salmanmkc made their first contribution in actions/checkout#2236
Full Changelog: actions/checkout@v4...v4.3.0
Changelog
Sourced from actions/checkout's changelog.
Changelog
V5.0.0
- Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226
V4.3.0
- docs: update README.md by @motss in actions/checkout#1971
- Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977
- Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043
- Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044
- Update README.md by @nebuk89 in actions/checkout#2194
- Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224
- Update package dependencies by @salmanmkc in actions/checkout#2236
v4.2.2
url-helper.tsnow leverages well-known environment variables by @jww3 in actions/checkout#1941- Expand unit test coverage for
isGhesby @jww3 in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924
v4.2.0
- Add Ref and Commit outputs by @lucacome in actions/checkout#1180
- Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872
v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739
- Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697
- Check out other refs/* by commit by @orhantoy in actions/checkout#1774
- Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776
v4.1.6
- Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732
v4.1.5
- Update NPM dependencies by @cory-miller in actions/checkout#1703
- Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694
- Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696
- Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695
- README: Suggest
user.emailto be41898282+github-actions[bot]@users.noreply.github.comby @cory-miller in actions/checkout#1707v4.1.4
- Disable
extensions.worktreeConfigwhen disablingsparse-checkoutby @jww3 in actions/checkout#1692- Add dependabot config by @cory-miller in actions/checkout#1688
- Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693
- Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643
v4.1.3
... (truncated)
Commits
- 08c6903 Prepare v5.0.0 release (#2238)
- 9f26565 Update actions checkout to use node 24 (#2226)
- 08eba0b Prepare release v4.3.0 (#2237)
- 631c7dc Update package dependencies (#2236)
- 8edcb1b Update CODEOWNERS for actions (#2224)
- 09d2aca Update README.md (#2194)
- 85e6279 Adjust positioning of user email note and permissions heading (#2044)
- 009b9ae Documentation update - add recommended permissions to Readme (#2043)
- cbb7224 Update README.md (#1977)
- 3b9b8c8 docs: update README.md (#1971)
- See full diff in compare view
Updates shivammathur/setup-php from 2.35.3 to 2.35.5
Release notes
Sourced from shivammathur/setup-php's releases.
2.35.5
Changelog
- Added support for macOS 26 based environments.
runs-on: macos-26 steps:
- name: Setup PHP uses: shivammathur/setup-php@v2
- Fixed resolving tools' releases to the latest one for a version prefix in tools input. (#1000) For example, this should install the latest release of PHPUnit with
10.5as the prefix.
- name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.1' tools: phpunit:10.5.x
- Improved installing
intlextension with a particular ICU versions.
- name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' extensions: intl-77.1
- Fixed tools setup to use the new
github-tokeninput value to avoid rate limits.
- name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' tools: phpcs: 4 github-token: ${{ secrets.GITHUB_TOKEN }}
... (truncated)
Commits
- bf6b4fb Improve sorting in tools.getSemverVersion
- 8f81967 Fix sorting in tools.getSemverVersion
- 06512d9 Update macos-latest in README [skip ci]
- 1c302ae Mark macOS 26 as supported [skip ci]
- dcffe28 Fix jit config on arm
- 6ffdb3d Bump version to 2.35.5
- c97dacb Merge pull request #995 from shivammathur/dependabot/github_actions/develop/a...
- 34f574e Bump actions/setup-node from 4 to 5
- 317a051 Add fallback cache for keys in ppa.sh
- dfcda83 Add fallback url for composer
- Additional commits viewable in compare view
Updates actions/setup-node from 4.3.0 to 6.0.0
Release notes
Sourced from actions/setup-node's releases.
v6.0.0
What's Changed
Breaking Changes
- Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in actions/setup-node#1374
Dependency Upgrades
- Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336
- Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334
- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362
Full Changelog: actions/setup-node@v5...v6.0.0
v5.0.0
What's Changed
Breaking Changes
- Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in actions/setup-node#1348
This update, introduces automatic caching when a valid
packageManagerfield is present in yourpackage.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, setpackage-manager-cache: falsesteps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5 with: package-manager-cache: false
- Upgrade action to use node24 by @salmanmkc in actions/setup-node#1325
Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Dependency Upgrades
- Upgrade
@octokit/request-errorand@actions/githubby @dependabot[bot] in actions/setup-node#1227- Upgrade uuid from 9.0.1 to 11.1.0 by @dependabot[bot] in actions/setup-node#1273
- Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-node#1295
- Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-node#1332
- Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-node#1345
New Contributors
- @priya-kinthali made their first contribution in actions/setup-node#1348
- @salmanmkc made their first contribution in actions/setup-node#1325
Full Changelog: actions/setup-node@v4...v5.0.0
v4.4.0
... (truncated)
Commits
- 2028fbc Limit automatic caching to npm, update workflows and documentation (#1374)
- 1342781 Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)
- 89d709d Bump prettier from 2.8.8 to 3.6.2 (#1334)
- cd2651c Bump ts-jest from 29.1.2 to 29.4.1 (#1336)
- a0853c2 Bump actions/checkout from 4 to 5 (#1345)
- b7234cc Upgrade action to use node24 (#1325)
- d7a1131 Enhance caching in setup-node with automatic package manager detection (#1348)
- 5e2628c Bumps form-data (#1332)
- 65becef Bump undici from 5.28.5 to 5.29.0 (#1295)
- 7e24a65 Bump uuid from 9.0.1 to 11.1.0 (#1273)
- Additional commits viewable in compare view
Updates actions/cache from 4.2.4 to 4.3.0
Release notes
Sourced from actions/cache's releases.
v4.3.0
What's Changed
- Add note on runner versions by @GhadimiR in actions/cache#1642
- Prepare
v4.3.0release by @Link- in actions/cache#1655New Contributors
- @GhadimiR made their first contribution in actions/cache#1642
Full Changelog: actions/cache@v4...v4.3.0
Changelog
Sourced from actions/cache's changelog.
Releases
4.3.0
- Bump
@actions/cacheto v4.1.04.2.4
- Bump
@actions/cacheto v4.0.54.2.3
- Bump
@actions/cacheto v4.0.3 (obfuscates SAS token in debug logs for cache entries)4.2.2
- Bump
@actions/cacheto v4.0.24.2.1
- Bump
@actions/cacheto v4.0.14.2.0
TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.
The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.
We are deprecating some versions of this action. We recommend upgrading to version
v4orv3as soon as possible before February 1st, 2025. (Upgrade instructions below).If you are using pinned SHAs, please use the SHAs of versions
v4.2.0orv3.4.0If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.
Upgrading to the recommended versions will not break your workflows.
4.1.2
- Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
- Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475
4.1.1
- Restore original behavior of
cache-hitoutput - #14674.1.0
... (truncated)
Commits
- 0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
- 4f5ea67 Update licensed cache
- 9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
- 638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
- 3862dcc Add note on runner versions
- See full diff in compare view
Updates codecov/codecov-action from 5.4.3 to 5.5.1
Release notes
Sourced from codecov/codecov-action's releases.
v5.5.1
What's Changed
- build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in codecov/codecov-action#1833
- build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @dependabot[bot] in codecov/codecov-action#1861
- Document a
codecov-cliversion reference example by @webknjaz in codecov/codecov-action#1774- docs: fix typo in README by @datalater in codecov/codecov-action#1866
- fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872
- build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @dependabot[bot] in codecov/codecov-action#1867
- build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in codecov/codecov-action#1868
- fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871
- chore(release): 5.5.1 by @thomasrockhu-codecov in codecov/codecov-action#1873
New Contributors
- @datalater made their first contribution in codecov/codecov-action#1866
Full Changelog: codecov/codecov-action@v5.5.0...v5.5.1
v5.5.0
What's Changed
- build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in codecov/codecov-action#1829
- docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837
- fix: Typo in README by @spalmurray in codecov/codecov-action#1838
- fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835
- Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859
- feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864
- chore(release): 5.5.0 by @thomasrockhu-codecov in codecov/codecov-action#1865
New Contributors
- @spalmurray made their first contribution in codecov/codecov-action#1837
- @martincostello made their first contribution in codecov/codecov-action#1859
- @jviall made their first contribution in codecov/codecov-action#1864
Full Changelog: codecov/codecov-action@v5.4.3...v5.5.0
Changelog
Sourced from codecov/codecov-action's changelog.
v5.5.1
What's Changed
- fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871
- build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by
@app/dependabotin codecov/codecov-action#1868- build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by
@app/dependabotin codecov/codecov-action#1867- fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872
- docs: fix typo in README by @datalater in codecov/codecov-action#1866
- Document a
codecov-cliversion reference example by @webknjaz in codecov/codecov-action#1774- build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by
@app/dependabotin codecov/codecov-action#1861- build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by
@app/dependabotin codecov/codecov-action#1833Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1
v5.5.0
What's Changed
- feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864
- Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859
- fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835
- fix: Typo in README by @spalmurray in codecov/codecov-action#1838
- docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837
- build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by
@app/dependabotin codecov/codecov-action#1829Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0
v5.4.3
What's Changed
- build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by
@app/dependabotin codecov/codecov-action#1822- fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823
Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3
v5.4.2
What's Changed
Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2
v5.4.1
... (truncated)
Commits
- 5a10915 chore(release): 5.5.1 (#1873)
- 3e0ce21 fix: overwrite pr number on fork (#1871)
- c4741c8 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1868)
- 17370e8 build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (#1867)
- 18fdacf fix: update to use local app/ dir (#1872)
- 206148c docs: fix typo in README (#1866)
- 3cb13a1 Document a
codecov-cliversion reference example (#1774) - a4803c1 build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 (#1861)
- 3139621 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#1833)
- fdcc847 chore(release): 5.5.0 (#1865)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions